Skills
skills/thinkfleetai/thinkfleet-engine/feishu-bridge/Gen Agent Trust Hub

feishu-bridge

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill manages system-level persistence and script execution to maintain the bridge service.\n
  • Utilizes launchctl to load a macOS LaunchAgent for persistent background operation.\n
  • Executes local scripts bridge.mjs and setup-service.mjs to configure and run the bridge.\n- [DATA_EXFILTRATION]: The skill accesses and manages sensitive credential files within the user's home directory.\n
  • Reads and writes to ~/.thinkfleet/secrets/feishu_app_secret and ~/.thinkfleet/thinkfleet.json.\n- [PROMPT_INJECTION]: The skill acts as a conduit for untrusted data, creating a risk of indirect prompt injection.\n
  • Ingestion points: Ingests user messages from the Feishu platform via the im.message.receive_v1 event (file: SKILL.md).\n
  • Boundary markers: The documentation does not specify any delimiters or instructions to ignore embedded commands in user messages.\n
  • Capability inventory: Messages are forwarded to an AI agent through the ThinkFleet Gateway, which may have tool-execution capabilities.\n
  • Sanitization: No sanitization or validation of the external message content is described.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 05:14 AM